General
-
Target
nexusFN.exe
-
Size
4.8MB
-
Sample
240819-s3flwawdjl
-
MD5
f18c150c58d8a2d65530342bf8cb8c33
-
SHA1
6ccf078858e70e377512cadd7095859368f8df1f
-
SHA256
9262204873a43e249c6da4053d5f54dd090afda28703aedcd48989ebfd69a844
-
SHA512
566ad0e3695bb81f69d612d4b1c61554e2133d669872da871469d491016a158229957cc47f7742ec823c7c6106c6139ab34c04555f2842ed6938dcf8d3f5aa34
-
SSDEEP
98304:pMhQJYICxORCELc2Xg2TpIzkUK4yr7dTW36iZ3cBVcsEY1stG/TapkP4mEq:yPYT2MRy6ixc1rai
Malware Config
Targets
-
-
Target
nexusFN.exe
-
Size
4.8MB
-
MD5
f18c150c58d8a2d65530342bf8cb8c33
-
SHA1
6ccf078858e70e377512cadd7095859368f8df1f
-
SHA256
9262204873a43e249c6da4053d5f54dd090afda28703aedcd48989ebfd69a844
-
SHA512
566ad0e3695bb81f69d612d4b1c61554e2133d669872da871469d491016a158229957cc47f7742ec823c7c6106c6139ab34c04555f2842ed6938dcf8d3f5aa34
-
SSDEEP
98304:pMhQJYICxORCELc2Xg2TpIzkUK4yr7dTW36iZ3cBVcsEY1stG/TapkP4mEq:yPYT2MRy6ixc1rai
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-